Modified the policy page controller by adding a new method to work on a form request from the policy page for enabling the generate issued attestation certificate based on a time frame rather than never or on each provision.

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/model/PolicyPageModel.java

@@ -24,6 +24,7 @@ public class PolicyPageModel {
     private String ecValidate;
     private String fmValidate;
     private String attestationCertificateIssued;
+    private String generationExpiration;
     private String numOfValidDays;
     private String ignoreIma;
     private String ignoretBoot;
@@ -166,6 +167,15 @@ public class PolicyPageModel {
         return attestationCertificateIssued;
     }
 
+    /**
+     * Gets the attestation certificate issued state.
+     *
+     * @return the model string representation of this field.
+     */
+    public String getGenerationExpiration() {
+        return generationExpiration;
+    }
+
     /**
      * Gets the number of selected valid days.
      *
@@ -313,6 +323,16 @@ public class PolicyPageModel {
         this.attestationCertificateIssued = attestationCertificateIssued;
     }
 
+    /**
+     * Sets the generation expiration state.
+     *
+     * @param generationExpiration "checked" if generating expiration is on.
+     */
+    public void setGenerationExpiration(
+            final String generationExpiration) {
+        this.generationExpiration = generationExpiration;
+    }
+
     /**
      * Sets the Ignore IMA state.
      *

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java

@@ -218,34 +218,85 @@ public class PolicyPageController extends PageController<NoPageParams> {
         Map<String, Object> model = new HashMap<>();
         PageMessages messages = new PageMessages();
         String successMessage;
-        String numOfDays;
         boolean issuedAttestationOptionEnabled
                 = ppModel.getAttestationCertificateIssued()
                 .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
-        boolean generateCertificateEnabled
-                = ppModel.getAttestationCertificateIssued()
-                .equalsIgnoreCase(ENABLED_EXPIRES_PARAMETER_VALUE);
 
         try {
             SupplyChainPolicy policy = getDefaultPolicyAndSetInModel(ppModel, model);
 
-            if (issuedAttestationOptionEnabled || generateCertificateEnabled) {
+            if (issuedAttestationOptionEnabled) {
                 successMessage = "Attestation Certificate generation enabled.";
             } else {
                 successMessage = "Attestation Certificate generation disabled.";
+                policy.setGenerateOnExpiration(false);
             }
 
-            if (generateCertificateEnabled) {
-                numOfDays = ppModel.getNumOfValidDays();
-                if (numOfDays == null) {
-                    numOfDays = SupplyChainPolicy.TEN_YEARS;
-                }
-            } else {
-                numOfDays = policy.getValidityDays();
-            }
-
-            policy.setValidityDays(numOfDays);
             policy.setIssueAttestationCertificate(issuedAttestationOptionEnabled);
+            savePolicyAndApplySuccessMessage(ppModel, model, messages, successMessage, policy);
+        } catch (PolicyManagerException e) {
+            handlePolicyManagerUpdateError(model, messages, e,
+                    "Error changing ACA Attestation Certificate generation policy",
+                    "Error updating policy. \n" + e.getMessage());
+        }
+
+        // return the redirect
+        return redirectToSelf(new NoPageParams(), model, attr);
+    }
+
+    /**
+     * Updates the state of the policy setting that indicates that the generation
+     * will occur in a set time frame and redirects
+     * back to the original page.
+     *
+     * @param ppModel The data posted by the form mapped into an object.
+     * @param attr RedirectAttributes used to forward data back to the original page.
+     * @return View containing the url and parameters
+     * @throws URISyntaxException if malformed URI
+     */
+    @RequestMapping(value = "update-expire-on", method = RequestMethod.POST)
+    public RedirectView updateExpireOnVal(@ModelAttribute final PolicyPageModel ppModel,
+                                             final RedirectAttributes attr)
+            throws URISyntaxException {
+
+        // set the data received to be populated back into the form
+        Map<String, Object> model = new HashMap<>();
+        PageMessages messages = new PageMessages();
+        String successMessage;
+        String numOfDays;
+        LOGGER.error("We got this value -> {}", ppModel.getGenerationExpiration());
+        boolean generateCertificateEnabled
+                = ppModel.getGenerationExpiration()
+                .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
+
+        try {
+            SupplyChainPolicy policy = getDefaultPolicyAndSetInModel(ppModel, model);
+            boolean issuedAttestationOptionEnabled
+                    = policy.isIssueAttestationCertificate();
+
+            if (issuedAttestationOptionEnabled) {
+                if (generateCertificateEnabled) {
+                    successMessage = "Attestation Certificate generation expiration time enabled.";
+                } else {
+                    successMessage = "Attestation Certificate generation expiration time disabled.";
+                }
+
+                if (generateCertificateEnabled) {
+                    numOfDays = ppModel.getNumOfValidDays();
+                    if (numOfDays == null) {
+                        numOfDays = SupplyChainPolicy.TEN_YEARS;
+                    }
+                } else {
+                    numOfDays = policy.getValidityDays();
+                }
+
+                policy.setValidityDays(numOfDays);
+            } else {
+                generateCertificateEnabled = false;
+                successMessage = "Attestation Certificate generation is disabled, "
+                        + "can not set time expiration";
+            }
+
             policy.setGenerateOnExpiration(generateCertificateEnabled);
             savePolicyAndApplySuccessMessage(ppModel, model, messages, successMessage, policy);
         } catch (PolicyManagerException e) {

HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/policy.jsp

@@ -107,7 +107,7 @@
             <%-- Generate Attestation Certificate--%>
             <div class="aca-input-box">
                 <form:form method="POST" modelAttribute="initialData" action="policy/update-issue-attestation">
-                    <li>Generate Attestation Certificate: ${(initialData.issueAttestationCertificate || initialData.generateOnExpiration) ? 'Enabled' : 'Disabled'}
+                    <li>Generate Attestation Certificate: ${initialData.issueAttestationCertificate ? 'Enabled' : 'Disabled'}
                         <my:editor id="issuedCertificatePolicyEditor" label="Edit Settings">
                             <div class="radio">
                                 <label><input id="aicTop" type="radio" name="attestationCertificateIssued" ${initialData.issueAttestationCertificate ? '' : 'checked'} value="unchecked"/> Never generate an Attestation Certificate</label>
@@ -115,14 +115,23 @@
                             <div class="radio">
                                 <label><input id="aicMid" type="radio" name="attestationCertificateIssued" ${initialData.issueAttestationCertificate ? 'checked' : ''} value="checked"/> Always generate an Attestation Certificate</label>
                             </div>
-                            <div class="radio">
-                                <label>
-                                    <input id="aicBot" type="radio" name="attestationCertificateIssued" ${initialData.generateOnExpiration ? 'checked' : ''} value="expires"/> Only Generate when current Attestation Certificate expires<br />
-                                    ** Validity period for the Attestation Certificate
-                                    <input id="validLen" type="text" name="numOfValidDays" value="3650" size="6" maxlength="6" ${(initialData.generateOnExpiration) ? '' : 'disabled'} />
-                                </label>
-                            </div>
                         </my:editor>
+                </form:form>
+                <form:form method="POST" modelAttribute="initialData" action="policy/update-expire-on">
+                        <ul>
+                            <li> Set generate on expire time frame: ${initialData.generationExpiration ? 'Enabled' : 'Disabled'}
+                                <my:editor id="issuedCertificatePolicyExpirationEditor" label="Edit Settings">
+                                    <div class="radio">
+                                        <label>
+                                            <input id="aicBot" type="checkbox" name="generationExpiration" ${initialData.generationExpiration ? 'checked' : ''} value="checked"/>
+                                                Only Generate when current Attestation Certificate expires<br />
+                                                ** Validity period for the Attestation Certificate
+                                            <input id="validLen" type="text" name="numOfValidDays" value="3651" size="6" maxlength="6" enabled />
+                                        </label>
+                                    </div>
+                                </my:editor>
+                            </li>
+                        </ul>
                     </li>
                 </form:form>
             </div>